#!perl
use strict;
use HTTP::Cookies;
use HTML::XSSLint;
use Getopt::Long;

# default
my %options = (
    'no-cookie' => 0,
    'user-agent' => "xsslint/$HTML::XSSLint::VERSION",
);

GetOptions(\%options, "no-cookie", "user-agent=s");
do_task(\%options, @ARGV);

sub do_task {
    my($options, @urls) = @_;
    my $agent = init_agent($options);
    audit_it($agent, $_) for @urls;
}

sub init_agent {
    my $options = shift;
    my $agent = HTML::XSSLint->new;
    unless ($options->{'no-cookie'}) {
	my $cookie_jar = HTTP::Cookies->new;
	$agent->cookie_jar($cookie_jar);
    }
    $agent->agent($options->{'user-agent'});
    return $agent;
}

sub audit_it {
    my($agent, $url) = @_;
    my @results = $agent->audit($url);
    print "\n[>] Report for : $url: \n";
    print "\n[>] Automatically Audited all form(s) with paramters present in target \n";
    my @v = grep { $_->vulnerable } @results;
    unless (@v) {
	print "[>] Form(s) paramters are not vulernable to defined payloads\n\n";	
	print "[>] This script is slow, and uses one payload only\n\n";	
	return;
    }

    printf "[>] Found %d vulnerable %s!\n\n", scalar @v, (@v > 1 ? 'forms' : 'form');
    for my $r (@v) {
	printf <<REPORT, $r->action, join(", ", $r->names), $r->example;
  Form(s) present at location   : %s
  Form(s) input parameter names : %s
  Form(s) URL                   : %s
REPORT
    ;
    }
}
